Open your terminal and enter the following command:

$ nmap --script http-open-proxy -p8080 <target>

The results include the HTTP methods that were successfully tested:

PORT     STATE SERVICE
8080/tcp open  http-proxy
|  proxy-open-http: Potentially OPEN proxy.
|_ Methods successfully tested: GET HEAD CONNECT

We use the argument --script http-open-proxy -p8080 to launch the NSE script http-open-proxy if a web server is found running on port 8080, a common port for HTTP proxies.

The NSE script http-open-proxy was submitted by Arturo "Buanzo" Busleiman and it was designed to detect open proxies, as its name indicates. By default it requests google.com, wikipedia.org, and computerhistory.org, and looks for a known text pattern to determine if there is an open HTTP proxy running on the target web server.

You may request a different URL and specify the pattern that will be returned if the connection is successful by using the script parameters http-open-proxy.url and http-open-proxy.pattern:

$ nmap --script http-open-proxy –script-args http-open-proxy.url=http://whatsmyip.org,http-open-proxy.pattern="Your IP address is" -p8080 <target>

$ nmap -p80 --script http-trace --script-args http.useragent="Mozilla 42" <target>